fix: fixed security-bootstrapper Docker volume init semantics (edgexf…

…oundry#4085) * fix: fixed security-bootstrapper Docker volume init semantics fixes: edgexfoundry#3851 Signed-off-by: Valina Li <valina.li@intel.com>
vli11 · Jul 11, 2022 · ad21f98 · ad21f98
1 parent fb67e34
commit ad21f98
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/cmd/security-bootstrapper/Dockerfile b/cmd/security-bootstrapper/Dockerfile
@@ -35,21 +35,21 @@ RUN make cmd/security-bootstrapper/security-bootstrapper
 FROM alpine:3.16
 
 LABEL license='SPDX-License-Identifier: Apache-2.0' \
-      copyright='Copyright (c) 2021 Intel Corporation'
+      copyright='Copyright (c) 2022 Intel Corporation'
 
 RUN apk add --update --no-cache dumb-init su-exec
 
 ENV SECURITY_INIT_DIR /edgex-init
-ARG BOOTSTRAP_REDIS_DIR=${SECURITY_INIT_DIR}/bootstrap-redis
+ENV SECURITY_INIT_STAGING /edgex-init-staging
+ARG BOOTSTRAP_REDIS_DIR=${SECURITY_INIT_STAGING}/bootstrap-redis
 
-RUN mkdir -p ${SECURITY_INIT_DIR} \
-    && mkdir -p ${BOOTSTRAP_REDIS_DIR}
+RUN mkdir -p ${BOOTSTRAP_REDIS_DIR}
 
-WORKDIR ${SECURITY_INIT_DIR}
+WORKDIR ${SECURITY_INIT_STAGING}
 
 # copy all entrypoint scripts into shared folder
-COPY --from=builder /edgex-go/cmd/security-bootstrapper/entrypoint-scripts/ ${SECURITY_INIT_DIR}/
-RUN chmod +x ${SECURITY_INIT_DIR}/*.sh
+COPY --from=builder /edgex-go/cmd/security-bootstrapper/entrypoint-scripts/ ${SECURITY_INIT_STAGING}/
+RUN chmod +x ${SECURITY_INIT_STAGING}/*.sh
 
 COPY --from=builder /edgex-go/Attribution.txt /
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/security-bootstrapper .
@@ -59,10 +59,7 @@ COPY --from=builder /edgex-go/cmd/security-bootstrapper/res/configuration.toml .
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/res-bootstrap-redis/configuration.toml ${BOOTSTRAP_REDIS_DIR}/res/
 
 # copy Consul ACL related configs
-COPY --from=builder /edgex-go/cmd/security-bootstrapper/consul-acl/ ${SECURITY_INIT_DIR}/consul-bootstrapper/
-
-# Expose the file directory as a volume since there's long-running state
-VOLUME ${SECURITY_INIT_DIR}
+COPY --from=builder /edgex-go/cmd/security-bootstrapper/consul-acl/ ${SECURITY_INIT_STAGING}/consul-bootstrapper/
 
 # setup entry point script
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/entrypoint.sh /

diff --git a/cmd/security-bootstrapper/entrypoint.sh b/cmd/security-bootstrapper/entrypoint.sh
@@ -4,7 +4,7 @@
 # zombie processes
 #
 #  ----------------------------------------------------------------------------------
-#  Copyright (c) 2021 Intel Corporation
+#  Copyright (c) 2022 Intel Corporation
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -33,6 +33,9 @@ fi
 DEFAULT_EDGEX_USER_ID=2002
 EDGEX_USER_ID=${EDGEX_USER:-$DEFAULT_EDGEX_USER_ID}
 
+# assumming the target directory ${SECURITY_INIT_DIR} has been created by the framework
+cp -rpd ${SECURITY_INIT_STAGING}/* ${SECURITY_INIT_DIR}/
+
 # During the bootstrapping, environment variables come for compose file environment files,
 # which then injecting into all other related containers on other services' entrypoint scripts
 # if the executable is not 'security-bootstrapper'; then we consider it not running the bootstrapping process
@@ -46,4 +49,4 @@ else
   # for debug purposes like docker run -it --rm security-bootstrapper:0.0.0-dev /bin/sh
   echo "current directory:" "$PWD"
   exec su-exec ${EDGEX_USER_ID} "$@"
-fi
+fi